diff --git a/0001-copy-Stable-sort-in-tests.patch b/0001-copy-Stable-sort-in-tests.patch
index 93b3ecd..ff86fd7 100644
--- a/0001-copy-Stable-sort-in-tests.patch
+++ b/0001-copy-Stable-sort-in-tests.patch
@@ -1,7 +1,7 @@
 From 8b20bbd329c07941f3e4aa00e14c05ed27b25435 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 2 Mar 2021 22:20:49 +0000
-Subject: [PATCH 1/5] copy: Stable sort in tests.
+Subject: [PATCH 1/6] copy: Stable sort in tests.
 
 When running the tests in Koji they behaved differently from running
 locally (under a UTF-8 locale).  This turned out to be a difference in
diff --git a/0001-security-Document-assignment-of-CVE-2021-20286.patch b/0001-security-Document-assignment-of-CVE-2021-20286.patch
new file mode 100644
index 0000000..ca96878
--- /dev/null
+++ b/0001-security-Document-assignment-of-CVE-2021-20286.patch
@@ -0,0 +1,39 @@
+From 40308a005eaa6b2e8f98da8952d0c0cacc51efde Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 12 Mar 2021 17:00:58 -0600
+Subject: [PATCH] security: Document assignment of CVE-2021-20286
+
+Now that we finally have a CVE number, it's time to document
+the problem (it's low severity, but still a denial of service).
+
+Fixes: fb4440de9cc7 (opt_go: Tolerate unplanned server death)
+---
+ docs/libnbd-security.pod | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod
+index 876ef2f..3c994de 100644
+--- a/docs/libnbd-security.pod
++++ b/docs/libnbd-security.pod
+@@ -22,6 +22,12 @@ L<https://www.redhat.com/archives/libguestfs/2019-September/msg00128.html>
+ See the full announcement here:
+ L<https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html>
+ 
++=head2 CVE-2021-20286
++denial of service when using L<nbd_set_opt_mode(3)>
++
++See the full announcement here:
++L<https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html>
++
+ =head1 SEE ALSO
+ 
+ L<libnbd(3)>.
+@@ -34,4 +40,4 @@ Richard W.M. Jones
+ 
+ =head1 COPYRIGHT
+ 
+-Copyright (C) 2019 Red Hat Inc.
++Copyright (C) 2019-2021 Red Hat Inc.
+-- 
+2.29.0.rc2
+
diff --git a/0002-copy-Nicer-sort.patch b/0002-copy-Nicer-sort.patch
index 7ea1409..092ea58 100644
--- a/0002-copy-Nicer-sort.patch
+++ b/0002-copy-Nicer-sort.patch
@@ -1,7 +1,7 @@
 From bae7c41a5126c56da4ee77bce39955036fca8b5f Mon Sep 17 00:00:00 2001
 From: Eric Blake <eblake@redhat.com>
 Date: Tue, 2 Mar 2021 16:31:39 -0600
-Subject: [PATCH 2/5] copy: Nicer sort
+Subject: [PATCH 2/6] copy: Nicer sort
 
 Tell sort where the numbers live, so we can get columns in ascending
 numeric order.  Improves 8b20bbd329.
diff --git a/0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch b/0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch
index b45d880..dc8c37d 100644
--- a/0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch
+++ b/0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch
@@ -1,7 +1,7 @@
 From 4e456ff6363580177ceffdad79b8fc1e8c7f35eb Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Wed, 3 Mar 2021 10:12:31 +0000
-Subject: [PATCH 3/5] Revert "copy: file-ops.c: Remove unneeded check"
+Subject: [PATCH 3/6] Revert "copy: file-ops.c: Remove unneeded check"
 
 This reverts commit 0f6e4f38bc440fc52c20a3a448ef031f806ec5e2.
 
diff --git a/0004-copy-file-ops.c-Remove-unneeded-check.patch b/0004-copy-file-ops.c-Remove-unneeded-check.patch
index 7c5cc03..11f23a5 100644
--- a/0004-copy-file-ops.c-Remove-unneeded-check.patch
+++ b/0004-copy-file-ops.c-Remove-unneeded-check.patch
@@ -1,7 +1,7 @@
 From 94a78764d80b6dc41ff2ae8a0e5f1b35c2fd8e78 Mon Sep 17 00:00:00 2001
 From: Nir Soffer <nsoffer@redhat.com>
 Date: Sat, 27 Feb 2021 05:36:38 +0200
-Subject: [PATCH 4/5] copy: file-ops.c: Remove unneeded check
+Subject: [PATCH 4/6] copy: file-ops.c: Remove unneeded check
 
 This function is called only from page_cache_evict(), which already
 check that we could map the cached pages. Add an assert to document this
diff --git a/0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch b/0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch
index 9430c05..ba5811a 100644
--- a/0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch
+++ b/0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch
@@ -1,7 +1,7 @@
 From 107eb605cfb75238020332b5a5461d0e09d62bec Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Wed, 3 Mar 2021 12:51:51 +0100
-Subject: [PATCH 5/5] copy/file-ops.c: Fix page eviction when len < page_size.
+Subject: [PATCH 5/6] copy/file-ops.c: Fix page eviction when len < page_size.
 
 On Fedora ppc64le at the moment page size is 64K.  When asked to evict
 a range with length < 64K the length calculation wrapped around and it
diff --git a/0006-info-Let-exit-status-reflect-any-failures-during-NBD.patch b/0006-info-Let-exit-status-reflect-any-failures-during-NBD.patch
new file mode 100644
index 0000000..7ac2cfa
--- /dev/null
+++ b/0006-info-Let-exit-status-reflect-any-failures-during-NBD.patch
@@ -0,0 +1,119 @@
+From 64962a582c00828cc2d26d94b149840ab2402165 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Thu, 4 Mar 2021 09:27:56 -0600
+Subject: [PATCH 6/6] info: Let exit status reflect any failures during
+ NBD_OPT_INFO
+
+It turns out that at least nbdkit's testsuite was relying on a
+non-zero exit status from nbdinfo when purposefully attempting to get
+info on an invalid export name.  Printing as much information as
+possible instead of going silent becaus of one error is good, but any
+time we print to stderr, the exit status should reflect that.
+
+Fixes: 5473e34fc1 (info: Don't kill --list early just because one opt_info fails)
+Reported-by: Rich Jones <rjones@redhat.com>
+---
+ info/nbdinfo.c | 25 +++++++++++++++----------
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/info/nbdinfo.c b/info/nbdinfo.c
+index 4b18ab2..3dfc463 100644
+--- a/info/nbdinfo.c
++++ b/info/nbdinfo.c
+@@ -58,9 +58,9 @@ DEFINE_VECTOR_TYPE (uint32_vector, uint32_t)
+ static int collect_context (void *opaque, const char *name);
+ static int collect_export (void *opaque, const char *name,
+                            const char *desc);
+-static void list_one_export (struct nbd_handle *nbd, const char *desc,
++static bool list_one_export (struct nbd_handle *nbd, const char *desc,
+                              bool first, bool last);
+-static void list_all_exports (struct nbd_handle *nbd1, const char *uri);
++static bool list_all_exports (struct nbd_handle *nbd1, const char *uri);
+ static void print_json_string (const char *);
+ static char *get_content (struct nbd_handle *, int64_t size);
+ static int extent_callback (void *user_data, const char *metacontext,
+@@ -124,6 +124,7 @@ main (int argc, char *argv[])
+   int tls_negotiated;
+   char *output = NULL;
+   size_t output_len = 0;
++  bool list_okay = true;
+ 
+   progname = argv[0];
+ 
+@@ -336,9 +337,9 @@ main (int argc, char *argv[])
+     }
+ 
+     if (!list_all)
+-      list_one_export (nbd, NULL, true, true);
++      list_okay = list_one_export (nbd, NULL, true, true);
+     else
+-      list_all_exports (nbd, argv[optind]);
++      list_okay = list_all_exports (nbd, argv[optind]);
+ 
+     if (json_output)
+       fprintf (fp, "}\n");
+@@ -365,7 +366,7 @@ main (int argc, char *argv[])
+     exit (EXIT_FAILURE);
+   }
+ 
+-  exit (EXIT_SUCCESS);
++  exit (list_okay ? EXIT_SUCCESS : EXIT_FAILURE);
+ }
+ 
+ static int
+@@ -398,7 +399,7 @@ collect_export (void *opaque, const char *name, const char *desc)
+   return 0;
+ }
+ 
+-static void
++static bool
+ list_one_export (struct nbd_handle *nbd, const char *desc,
+                  bool first, bool last)
+ {
+@@ -424,7 +425,7 @@ list_one_export (struct nbd_handle *nbd, const char *desc,
+       nbd_opt_go (nbd) == -1) {
+     fprintf (stderr, "%s: %s: %s\n", progname, nbd_get_export_name (nbd),
+              nbd_get_error ());
+-    return;
++    return false;
+   }
+   size = nbd_get_size (nbd);
+   if (size == -1) {
+@@ -599,12 +600,14 @@ list_one_export (struct nbd_handle *nbd, const char *desc,
+   free (content);
+   free (export_name);
+   free (export_desc);
++  return true;
+ }
+ 
+-static void
++static bool
+ list_all_exports (struct nbd_handle *nbd1, const char *uri)
+ {
+   size_t i;
++  bool list_okay = true;
+ 
+   if (export_list.size == 0 && json_output)
+     fprintf (fp, "\"exports\": []\n");
+@@ -639,14 +642,16 @@ list_all_exports (struct nbd_handle *nbd1, const char *uri)
+     }
+ 
+     /* List the metadata of this export. */
+-    list_one_export (nbd2, export_list.ptr[i].desc, i == 0,
+-                     i + 1 == export_list.size);
++    if (!list_one_export (nbd2, export_list.ptr[i].desc, i == 0,
++                          i + 1 == export_list.size))
++      list_okay = false;
+ 
+     if (probe_content) {
+       nbd_shutdown (nbd2, 0);
+       nbd_close (nbd2);
+     }
+   }
++  return list_okay;
+ }
+ 
+ static void
+-- 
+2.29.0.rc2
+
diff --git a/libnbd.spec b/libnbd.spec
index 785c0d7..da39a6f 100644
--- a/libnbd.spec
+++ b/libnbd.spec
@@ -8,7 +8,7 @@
 %global source_directory 1.7-development
 
 Name:           libnbd
-Version:        1.7.3
+Version:        1.7.4
 Release:        1%{?dist}
 Summary:        NBD client library in userspace
 
@@ -25,13 +25,6 @@ Source2:       libguestfs.keyring
 # Maintainer script which helps with handling patches.
 Source3:        copy-patches.sh
 
-# Upstream patches to fix tests.
-Patch0001:      0001-copy-Stable-sort-in-tests.patch
-Patch0002:      0002-copy-Nicer-sort.patch
-Patch0003:      0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch
-Patch0004:      0004-copy-file-ops.c-Remove-unneeded-check.patch
-Patch0005:      0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch
-
 %if 0%{patches_touch_autotools}
 BuildRequires: autoconf, automake, libtool
 %endif
@@ -222,6 +215,15 @@ touch interop/structured-read.sh
 chmod +x interop/structured-read.sh
 %endif
 
+# interop/interop-qemu-storage-daemon.sh fails in RHEL 9 because of
+# this bug in qemu:
+# https://lists.nongnu.org/archive/html/qemu-devel/2021-03/threads.html#03544
+%if 0%{?rhel}
+rm interop/interop-qemu-storage-daemon.sh
+touch interop/interop-qemu-storage-daemon.sh
+chmod +x interop/interop-qemu-storage-daemon.sh
+%endif
+
 # All fuse tests fail in Koji with:
 # fusermount: entry for fuse/test-*.d not found in /etc/mtab
 # for unknown reasons but probably related to the Koji environment.
@@ -308,6 +310,16 @@ make %{?_smp_mflags} check || {
 
 
 %changelog
+* Mon Mar 15 2021 Richard W.M. Jones <rjones@redhat.com> - 1.7.4-1
+- New upstream development version 1.7.4.
+
+* Mon Mar 15 2021 Richard W.M. Jones <rjones@redhat.com> - 1.7.3-3
+- Update documentation for CVE-2021-20286.
+- Workaround broken interop/interop-qemu-storage-daemon.sh test in RHEL 9.
+
+* Thu Mar  4 2021 Richard W.M. Jones <rjones@redhat.com> - 1.7.3-2
+- Add fix for nbdkit test suite.
+
 * Tue Mar  2 2021 Richard W.M. Jones <rjones@redhat.com> - 1.7.3-1
 - New upstream version 1.7.3.
 
diff --git a/sources b/sources
index 2a25167..062ad7d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (libnbd-1.7.3.tar.gz) = 1d7a0e6a5797d1df2e40b5e211ccea78926e2df882423a557acbc3c040f1b4c3f782a4754340be64d1176f0fd3524b094b9266186e25a80668494c7f72e3ef13
-SHA512 (libnbd-1.7.3.tar.gz.sig) = 0d693add7361b29dab7f744d24dce56518f64c0f3133847e685175d711e281c924850046a573d64d8354b5acd21bee34815163f7a8eb9f41266026435f1ba892
+SHA512 (libnbd-1.7.4.tar.gz) = bf5174664b3950a6a81dc56393e51cd151ab6829206cc6289a149b371ab5ea85403c8501ee9d3ba14d16084fd9cdfaa4c35dcb4519cf6ce24d1713fadbc2dfb1
+SHA512 (libnbd-1.7.4.tar.gz.sig) = d101df29237948ac6820ded33c10b80711ec24a5827fe4851904885382ef20b202537625dba301847be5bf22857655a2e3da36cc38e1202d546dc079a5121e19